EducationWeek recently published the article “Schools Aren’t Doing Enough to Protect Their Networks, Top Cybersecurity Official Warns.” The general theme of the article is that K-12 schools are under increased pressure from cyber attacks and they need to do more to protect their networks.
K-12 Schools Under Increased Pressure From Cyber Attacks
This is fact. Attackers have clearly stepped up attacks on K-12 schools. Before the pandemic (if you can remember that!), K-12 schools were under increased pressure with attackers viewing them as softer targets as a result of resource constraints (budget, people, security controls). The pandemic has only served to increase the attractiveness of K-12 schools as a target due to an exponential increase in attack surface driven by virtual learning.
This was validated by last month’s Joint Cybersecurity Advisory from the FBI, CISA, and MS-ISAC – Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data.
The Advisory indicates that:
“The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”
It also indicates that “according to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.”
K-12 Schools Need to Do More to Protect their Networks
This is a valid point that many will agree on. However, we think that many will also agree that K-12 schools can’t do it by themselves. As the article indicates, the need for stronger federal support for cybersecurity for K-12 and state and local government organizations has never been higher.
In addition to increased funding, another critical thing that needs to happen is increased collaboration between K-12 schools and other state and local government organizations when it comes to using and sharing \threat intelligence. It is well known that threat actors’ playbooks heavily rely on industry-specific campaigns. This has led to the increasing importance of industry-specific threat intelligence and sharing when it comes to cyber defense.
Related to the above, the article provides a few data points that are concerning.
- Only 2,000 of 13,000 U.S. school districts have signed up for free membership in the Multi-State Information Sharing & Analysis Center (MS-ISAC).
- Only about 120 schools are using a no-cost federal service called “malicious domain blocking.”
Simple & Affordable Steps K-12 Schools Can Take To Better Protect Their Networks
Let’s talk about a few simple and affordable steps K-12 schools can take to improve cyber defenses and reduce their risk from cyber attacks.
- Take advantage of free gov’t cyber resources. The U.S. Cybersecurity & Infrastructure Agency (CISA) provides access to several free and valuable resources. These include vulnerability scanning, phishing campaign assessments, risk and vulnerability assessments, and cyber resilience reviews among others.
- Get involved with industry threat intelligence sharing efforts. There is no excuse for schools to not join MS-ISAC. MS-ISAC provides valuable threat intelligence about threats targeting state and local government organizations, including schools. Even more exciting on the industry threat intelligence sharing front is the recent launch of K12 Six, a threat intelligence information sharing community specifically focused on school districts. This is something schools should definitely get involved with.
- Make your threat intelligence actionable. Using and sharing threat intelligence is great but if you don’t make it actionable then much of the value is lost. Making threat intelligence actionable means proactively using threat intelligence to detect and block threats.
How ThreatBlockr is Helping K-12 Schools Improve Cyber Defenses
At ThreatBlockr, we have lots of school districts using our platform and our interactions with schools have never been higher. This is a great sign because it indicates K-12 schools are looking at ways to better protect their networks.
The ThreatBlockr platform helps K-12 Schools detect and block more threats by:
- Providing 30 million “out of the box” threat intelligence indicators from leading commercial threat intelligence sources like Webroot, Proofpoint Emerging Threats, and Domain Tools, open source, and government sources.
- Making it simple to add threat intelligence indicators from any source including industry sources like MS-ISAC and in the near future K12 Six.
- Making all of this threat intelligence actionable by blocking up to 150 million threat indicators in real time with no latency.
At ThreatBlockr, we’ve combined threat intelligence, automation, and threat prevention into a platform that is both simple to use and affordable for K-12 schools.
At ThreatBlockr, We Believe Nothing Scales Like Simplicity. We Make Blocking Threats Smart and Simple – at Scale – Everywhere.